News

A letter arrived in my letterbox recently. Green branding, an Australian Company Number prominently displayed, a central Sydney address, a reference number, a QR code, and a "renewal fee" of $99 for one year or $171 for three. The sender was "Registration", trading through reg.com.au. My business name, the letter warned, was due for renewal on 2 July 2026.

Everything about the letter was designed to look official apart from one giveaway at the bottom in smaller font: "Registration is a third-party business name renewal service provider. We are independent of ASIC [Australia's corporate regulator]. This is not a bill."

ASIC's own fee for the same three-year renewal is $102. Registration Pty Ltd pockets the difference for acting as a registered agent. This is a service I neither requested nor needed. While the operation is legal, consumer forums and small business groups consider it misleading and deceptive.

What I want to note here is not the ethics of the operator, but what the open .au namespace makes possible, and what .gov.au prevents.

In a nutshell: The European Commission presented a plan for better enforcement of EU rules, awarded a tender for a sovereign cloud, published the final reports of the Virtual Worlds Observatory and the Interactive Data Explorer, and partnered with EUIPO on DSA enforcement. The Cypriot presidency published a non-paper on FiDA negotiations. The Council of the EU published a compromise position on the Payment Services Regulation. EU institutions agreed on a roadmap to strengthen the EU Single Market, and are finalising the AI Omnibus negotiations. BEREC published an early assessment of the Digital Networks Act. The European Economic and Social Committee published an opinion on the Cybersecurity Act 2.0. Europol published the IOCTA 2026 report. The EDPB published a Data Protection Impact Assessment template. The Council of Europe issued a recommendation on online safety and empowerment of users and content creators.

In a nutshell: The European Commission published the 28^th regime proposal and opened feedback for the Cyber Resilience Act guidance. The European Council adopted conclusions on competitiveness and the single market. The Council of the EU adopted conclusions on the EU’s capacity to counter hybrid threats. The EDPB and EDPS published a joint opinion on the Cybersecurity Act 2.0 and NIS 2 amendments. The European Economic and Social Committee published an opinion on the Digital Omnibus. CJEU Advocate General delivered an opinion on high-risk suppliers.

Insights from 40 million domains in 10 ccTLDs reveal patterns behind domain renewals

Over the past few years, many CENTR members have observed changes in domain renewal behaviour. Many members saw a decline in the proportion of domains renewing during 2023-24. Even a small drop in renewal rates can have a significant financial impact, as a substantial share of registry revenue typically comes from renewals rather than new registrations. Additionally, stable and predictable renewal rates support more accurate financial planning.

Updates on abuse mitigation efforts

In January 2026, the gNSO adopted the PDP Charter for Associated Domain Check, which effectively initiated policy development work on DNS abuse. This PDP is expected to introduce new requirements for registrars to proactively check domains associated with malicious activity. The PDP will define the associated domain check’s triggers, scope, timeline, reasonableness, safeguards, documentation, and compliance metrics.

In a nutshell: The European Commission published a Submarine Cable Security Toolbox and Cable Projects of European Interest, 2026 Annual Single Market and Competitiveness Report, an IPRED study, and a counter terrorism strategy. The European Parliament held a hearing on CPC Regulation reform. The Council of the EU adopted a position on the 2030 Consumer Agenda. EDPB adopted a report on the right to be forgotten. EDPB, jointly with EDPS, adopted an opinion on the Digital Omnibus proposal. NIS Cooperation Group adopted an ICT supply chain toolbox. EU Member States published non-papers on competitiveness.

The 2026 CENTR Jamboree will take place in Berlin from the 6 to the 8 May 2026.

We will repeat last year’s process with contributions from participants to shape our agenda. Both members and non-members are therefore invited to submit proposals for sessions. We are excited to announce the Call for Proposals, and we invite you to be an active contributor to this event that brings the whole community together. 

CENTR issues Board statement on the EU action plan on fighting online fraud

The 124rd IETF meeting took place in Montreal, Canada between 1 and 7 November 2025 with over 150 sessions, a 2-day hackathon, and a wide range of side events. Pawel Kowalik and Christian Simmen from DENIC attended the meeting and have written a summary of the main points of relevance for the CENTR members.

In a nutshell: Cyprus took over the presidency in the Council of the EU. The EU institutions agreed on the EU legislative priorities. The European Commission is seeking input on tackling online fraud, open-source strategy and is assessing further steps to curb online piracy of sports and other live events. The Commission also published its proposals for the Cybersecurity Act 2.0, NIS2 amendments, and the Digital Networks Act. The Council of the EU published a statement on European competitiveness. The European Parliament is finalising its views on the upcoming 28^th regime for innovative companies. Crafts and industrial GIs can be registered under the new protection scheme.